Open source instant messaging app Telegram has become the latest app to be faked by criminals hoping to take advantage of users.
According to Symantec, an application named ‘Teligram [New version updated]’ was created using the open source element of Telegram and appeared on the Google Play Store. This app, which has since been removed by Google, was almost identical to the app it was copying.
The almost identical nature of the name and the addendum ‘[New version updated]’ were put in place to trick users into thinking the app was a newer version of the legitimate Telegram app.
Unlike most imitation apps of this nature, however, Teligram didn’t seem to have any malicious motivation behind it, and was only created to profit from ad revenue through ad libraries its developers had added.
News of the Telegram imitation comes shortly after Symantec discovered a new variant of the Android.Fakeapp malware that was imitating the Uber app interface with the aim of gaining the login credentials of users.
“The issue here is ‘impostor apps’ uploaded to Google Play; lookalike apps that have some extra, and possibly malicious, functionality added,” said John Kozyrakis, applied research lead at Synopsys. “Whether an application is open source or not has very little relevance. Impostor apps are regularly created and uploaded for closed source apps as well. It is quite easy to create an impostor app of any closed-source mobile application and upload it to Google Play. If the source is openly available, the process is just slightly easier.
“Removing impostor apps is a tricky problem for Google, as they need to have ways to identify if a lookalike is actually an impostor or a different legitimate application. While it is a hard problem, Google can certainly do more to catch these earlier on, for example via code similarity measurements.”